Identifying cyber-attacks on software defined networks: An inference-based intrusion detection approach
详细信息 查看全文
- 作者:Ahmed AlErouda ; Ahmed.aleroud@yu.edu.joAuthor Vitae ; Izzat Alsmadib ; ialsmadi@tamusa.eduAuthor Vitae
- 关键词:Software defined networks ; Information security ; Intrusion detection ; Graph mining ; Denial of service attacks ; Security architecture
- 刊名:Journal of Network and Computer Applications
- 出版年:2017
- 出版时间:15 February 2017
- 年:2017
- 卷:80
- 期:Complete
- 页码:152-164
- 全文大小:1623 K
- 卷排序:80
文摘
Software Defined Networking is an emerging architecture which focuses on the role of software to manage computer networks. Software Defined Networks (SDNs) introduce several mechanisms to detect specific types of attacks such as Denial of Service (DoS). Nevertheless, they are vulnerable to similar attacks that occur in traditional networks, such as the attacks that target control and data plane. Several techniques are proposed to handle the security vulnerabilities in SDNs. However, it is fairly challenging to create attack signatures, scenarios, or even intrusion detection rules that are applicable to dynamic environments such SDNs. This paper introduces a new approach to identify attacks on SDNs that uses: (1) similarity with existing attacks that target traditional networks, (2) an inference mechanism to avoid false positives and negatives during the prediction process, and (3) a packet aggregation technique which aims at creating attack signatures and use them to predict attacks on SDNs. We validated our approach on two datasets and showed that it yields promising results.